Every conversation I have with a founder building AI products in Europe eventually comes around to the same question: what is this actually going to cost us?
The EU AI Act is not a fine-on-paper regulation. It has teeth. And the compliance costs are real, spread across people, processes, and infrastructure that most startups have not budgeted for.
Here is a breakdown of where the money actually goes.
The Legal Bill Comes First
Before you can comply, you need to understand what applies to you. That means legal counsel who actually knows the EU AI Act, not just GDPR specialists who have skimmed the summary.
For a startup deploying a high-risk AI system under Annex III, expect to spend between 15,000 and 50,000 euros on initial legal scoping alone. That covers classification analysis, reviewing your data governance arrangements, and mapping your obligations across Articles 9 through 17.
If you are a provider placing a system on the EU market and also acting as a deployer, that cost doubles because you are subject to two overlapping obligation sets.
Conformity Assessment Is Not Free
Article 43 requires a conformity assessment before a high-risk system goes live. For most categories, you can do this internally. But internally does not mean cheaply.
You will need to produce technical documentation under Annex IV. That means logging your training data sources, validation methodology, accuracy metrics across demographic groups, and a full description of the system purpose and logic. A consultant with AI technical audit experience charges between 10,000 and 30,000 euros per engagement for this work.
If your system falls under Annex III categories that require third-party notified body review, such as biometric categorisation or certain critical infrastructure applications, add another 20,000 to 80,000 euros for the external audit.
The Human Capital Cost Is Underestimated
The Act requires a natural person to oversee automated decision-making in high-risk contexts. That oversight has to be real, documented, and defensible.
That means hiring or retraining staff. A qualified AI compliance officer in the EU earns between 70,000 and 120,000 euros annually. If you do not have one, you will either hire one or rely on expensive external consultants for each review cycle.
Technical staff also need upskilling. Your engineers need to understand prohibited practice boundaries, data minimisation requirements under Article 10, and logging obligations under Article 12. Training programmes for a team of 20 typically run 5,000 to 15,000 euros.
Infrastructure Adjustments Are Unavoidable
Article 12 mandates automatic logging of events during the operation of high-risk AI systems. If your current infrastructure does not capture decision-level logs with timestamps, input parameters, and output records, you need to build that capability.
For most SaaS products, this means engineering work. Expect one to three months of developer time depending on complexity. At European contractor rates, that is 20,000 to 60,000 euros.
You also need to ensure your training and validation data meets the requirements of Article 10. Data from sources that cannot demonstrate relevance, representativeness, and freedom from prohibited biases will need to be replaced or supplemented. Data procurement and cleaning at scale is a real cost that organisations routinely underestimate.
The Registration and Ongoing Obligations
Once you are compliant, you have ongoing obligations. High-risk systems must be registered in the EU database. That process requires accurate technical documentation and is not a one-time submission.
Post-market monitoring under Article 72 requires a structured process for collecting and reviewing real-world performance data. If you discover a substantial modification to the system, the conformity assessment process restarts.
Annual compliance maintenance, including documentation updates, monitoring reviews, and retraining on regulatory changes, typically runs 15,000 to 40,000 euros per year for a mid-size organisation.
What This Adds Up To
For a startup deploying a single high-risk AI system in the EU, realistic first-year compliance costs range from 80,000 to 250,000 euros when you add legal, conformity, staffing, and infrastructure together. For an enterprise with multiple deployments across Annex III categories, total costs can exceed one million euros.
These are not worst-case figures. They reflect what I am seeing in practice.
The organisations that will control these costs are the ones that build compliance infrastructure once and reuse it across products, that document as they build rather than retrospectively, and that treat the technical documentation requirement as an engineering discipline rather than a legal afterthought.
Compliance is expensive. But getting it wrong is more expensive. The fines under Article 99 reach 30 million euros or 6 percent of global annual turnover. That math makes a robust compliance programme look cheap.